Windows 8 is Coming to a BYOD Near You


If you are like me, you aren’t planning to migrate to Windows 8. But with Surface RTs selling the way they are, I guarantee we will have users bringing their own Windows 8 devices.

In this fast-paced webinar, I’ll look at everything that’s new in Windows 8 security, with a special focus on mobility. You folks are really the go-to group in your organization for debunking the myths of Windows 8, and this webinar will help you give accurate answers to internal users and executives on questions like:
  • What do I tell my CEO when she asks about supporting her new Win8 laptop?
  • What do I tell my users who want to bring in their Windows RT Surface tablets?
  • What is the security impact of bringing Windows 8 into my environment?

The biggest distinctions guiding this discussion about Windows 8 security will be: 1) RT vs. “Real” Windows, and 2) BYOD vs. corporate-owned devices. If organizations out there are planning to roll out a fleet of Windows 8 devices, I’ll help by covering the mobile device management (MDM) features and gaps in Windows 8. One of the biggest facts to know right now is that Windows 8 “RT” does not support domain membership or group policy. You heard me right. To manage RT devices, you’d need a new version of Windows Intune (the Microsoft PC management service in the cloud), which integrates with a new version of Microsoft System Center. This is an interesting approach to the BYOD security dilemma.

Windows 8 does have some interesting new security features, which we’ll cover:
  • UEFI Secure Boot support – UEFI stands for Unified Extensible Firmware Interface, which replaces the good ole BIOS we’ve had for decades. UEFI promises to make Windows 8 very resistant to low-level malware like rootkits.
  • SmartScreen filter – has been extended from Internet Explorer to Windows itself.
  • Windows Defender – Bloggers are pronouncing this a “full anti-malware solution”. We’ll determine if that is really so.
  • Picture Password – a new touch-based logon method using pictures and gestures.

Another thing we will cover is which security features are available in Windows 8 (base consumer edition), Windows 8 Pro, Windows 8 Enterprise and Windows 8 RT. There are very big differences between these editions.

Transcript

  • 1. UltimateWindowsSecurity.com
    Windows 8 Is Coming to a BYOD Near You: Are the New Security Features Enough?
    © 2012 Monterey Technology Group Inc.
    Brought to you by www.lumension.com
    Speaker: Russ Ernst – Group Product Manager
  • 2. Preview of Key Points
      - New security features
      - RT vs. Regular Windows
      - Differences between editions
      - Mobile device management
      - Gaps
    New security features
      - Protecting against advanced malware – Trusted Boot
          • UEFI Secure Boot
          • Measured Boot
          • ELAM
  • 3. New security features
      - UEFI
          • Modern replacement for BIOS
      - Secure Boot
          • Requires UEFI but not TPM
          • Firmware checks bootloader against OS vendor certificate
          • Protects against rootkits/bootkits
          • http://tinyurl.com/3z2shwn
      - [Diagram: BIOS → any OS loader → OS start; UEFI → verified OS loader only → OS start]
    New security features
      - Measured Boot
          • Requires TPM but not UEFI
          • Uses the TPM to verify components have not been tampered with
          • Enhanced version of what was available in Windows Vista and 7
      - ELAM
          • Early Launch Anti-Malware
          • Allows AV to launch before OS fully loaded
          • Also allows AV to check what still loaded before it
          • Can attest to a remote server for verification
      - Great MS whitepaper: http://tinyurl.com/acr2oke
  • 4. New security features
      - More good links
          • http://msdn.microsoft.com/en-us/library/windows/hardware/br259096.aspx
    New security features
      - BitLocker enhancements
          • Boot configuration data (BCD) validation moved to SecureBoot when available
          • Provisioning possible prior to OS setup
          • Used disk space only
          • Reduced helpdesk calls
              • Standard users can change PIN/passwords
              • Network unlock
          • Support for encrypted hard drives
              • Not the same as self-encrypted drives (SEDs)
  • 5. New security features
      - SmartScreen
          • Unrecognized apps and files downloaded from the Internet
          • Moved from IE to Windows so other files from any browser subject
      - Memory Management
          • Comprehensive randomization and guard pages
          • More defense against memory exploit tactics
      - AppContainers
          • Enhanced sandbox
    New security features
      - Picture Password
  • 6. New security features
      - Picture Password
          • Password stored in clear text?
              • Not so much
              • But is available to any admin on the system
          • Actually stored in reversible encryption
              • Everyone crying that’s a no-no for password storage
              • Hashes would not work in this case
          • Microsoft blog post on the “math” behind picture passwords
              • http://tinyurl.com/bmua4fc
              • Math adds up
              • But the facts don’t
          • Key point though:
              • You only get 5 chances
              • Same with 4 digit PIN
    New security features
      - Windows Defender
          • http://mashable.com/2012/10/22/windows-8-security-now-things-get-interesting/
          • http://news.softpedia.com/news/15-of-Malware-Can-Get-Past-Windows-8-s-Defender-Experts-Find-305535.shtml
          • Nice to have? Yes
          • Replacement for corporate A/V? Far from it
  • 7. RT vs. Real Windows
      - ARM based RT
          • Better
              • Battery life and weight
          • Worse
              • Doesn’t run x86 Windows apps
              • Traditional desktop mode not available to 3rd party
              • 3rd party browsers restricted to certain APIs
              • No AD membership or group policy
              • Not BitLocker but has encryption
          • Different
              • Management infrastructure
    Differences between editions of real Windows
      - http://en.wikipedia.org/wiki/Windows_8_editions (table from Wikipedia)

      Feature | Windows RT | Windows 8 | Windows 8 Pro | Windows 8 Enterprise
      | Partial | Yes | Yes | Yes
      Supported third-party apps[2][16] | Windows Store apps only | Windows Store and desktop | Windows Store and desktop | Windows Store and desktop
      Remote Desktop | Client only | Client only | Client and host | Client and host
      Storage Spaces | No | Yes | Yes | Yes
      Encryption features | Device encryption[b] | Unavailable | BitLocker and EFS | BitLocker and EFS
      Sideload Windows Store apps | Yes[18] | No[11] | Yes[19] | Yes[11]
      Boot from VHD | No | No | Yes | Yes
      Can join a Windows domain? | No | No | Yes | Yes
      Group Policy | No | No | Yes | Yes
      Hyper-V[20] | No | No | On 64-bit versions only with SLAT capable CPU | On 64-bit versions only with SLAT capable CPU
      AppLocker[c] | No | No | No | Yes
      Windows To Go | No | No | No | Yes
      DirectAccess | No | No | No | Yes
      BranchCache[d] | No | No | No | Yes
      Can be virtualized by RemoteFX? | No | No | No | Yes
      Services for Network File System[23] | No | No | No | Yes
      Microsoft Office apps bundled with OS[e] | Yes | No | No | No
      Windows Media Center | No | No | Via an add-in[24] | No
  • 8. Mobile Device Management
      - Management Infrastructure
          • Designed to address corporate security concerns on employee-owned devices (BYOD)
              • RT & Real Windows
          • Integrates with System Center
              • Agent and self-service portal
    Mobile Device Management
      - Management Infrastructure
          • Policies
              • Allow Convenience Logon
              • Maximum Failed Password Attempts
              • Maximum Inactivity Time Lock
              • Minimum Device Password Complex Characters
              • Minimum Password Length
              • Password Enabled
              • Password Expiration
              • Password History
              • VPN
              • Drive Encryption Status
              • Auto Update Status
              • Antivirus Status
              • AntiSpyWare Status
  • 9. Mobile Device Management
      - Management Infrastructure
          • Disconnect can be initiated by admin remotely or user locally
              • Everything reversed
              • Business data wiped?
    Gaps
      - Enterprise anti-malware
          • Full virus coverage
          • Reporting
      - Application control
      - Full configuration management
          • Compliance
      - Device control
  • 10. lumension.com/windows-8
    Comprehensive Endpoint Management and Security for Microsoft Windows 8 and Windows Server 2012
    Lumension® Supports Your Windows 8 and Windows Server 2012 Migration Plans with Solution Readiness
    Download the FAQ today at lumension.com/windows-8
    Brought to you by www.lumension.com
    Speaker: Russ Ernst – Group Product Manager
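
Added example (not part of the original slides or the presenter's material): slide 3 says Measured Boot uses the TPM to verify that components have not been tampered with and can attest to a remote server. The Python sketch below models the underlying PCR extend-and-replay check, which goes beyond the slide's wording; the component names and byte strings are constructed stand-ins, and the TPM-signed quote a real verifier would also check is omitted.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 PCR


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || measurement). Order-dependent, one-way."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(components):
    """Hash each (name, image) in load order; return (final PCR, event log)."""
    pcr = bytes(PCR_SIZE)  # PCRs start as all zeros at power-on
    log = []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def verify(quoted_pcr, log, known_good):
    """Remote verifier: replay the log, then compare each digest to a reference.
    Returns (log_matches_pcr, [names whose digest is not the known-good one])."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = extend(pcr, digest)
    bad = [name for name, digest in log if known_good.get(name) != digest]
    return pcr == quoted_pcr, bad


# Constructed sample boot chain: byte strings stand in for real boot images.
CLEAN = [("bootmgr", b"bootmgr v1"), ("winload", b"winload v1"),
         ("elam_driver", b"av early-launch v1")]
TAMPERED = [CLEAN[0], ("winload", b"winload v1 + bootkit"), CLEAN[2]]
KNOWN_GOOD = {name: hashlib.sha256(image).digest() for name, image in CLEAN}


def demo():
    clean_pcr, clean_log = measure_boot(CLEAN)
    bad_pcr, bad_log = measure_boot(TAMPERED)
    return {
        "clean": verify(clean_pcr, clean_log, KNOWN_GOOD),
        "tampered": verify(bad_pcr, bad_log, KNOWN_GOOD),
        # A substituted clean log no longer replays to the PCR the TPM holds.
        "forged_log": verify(bad_pcr, clean_log, KNOWN_GOOD),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The tampered boot is caught by the reference comparison, and swapping in a clean log is caught because it no longer replays to the PCR value.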